Three Rivers Information Security

Information Security Symposium

2017 TRISS Call for Sponsors

We are looking for sponsors for our second annual Three Rivers Information Security Symposium.  Last year’s symposium, our inaugural event, was a huge success with nearly 200 attendees and 11 sponsors.  We expect over 300 attendees this year and hope you will be interested in sponsoring this event.  We know that your sponsorship will assist you in getting your message or product in front of Pittsburgh’s security professionals.  We have outlined the sponsorship levels below.  Our intention with the levels is to give companies several options that are both affordable and provide avenues to get in front of our attendees.  In our event we have separated the speakers and sponsorships.  Although we do not want the speakers to be selling product, speaking can be a great opportunity to highlight your area of expertise on any of a number of security topics.

Last year’s event attracted titles such as CIO, CISO, CTO, Director of Information Security, Manager of IT, Security/Data/Network Analyst, Owner and President from some of the largest companies in Pittsburgh such as U.S. Steel, PNC, PPG, Wesco, Dick’s Sporting Goods, UPMC, Dollar Bank, Bayer, Highmark, Giant Eagle, Federated, Mylan and Wabtec.

We expect this year’s symposium to be bigger and better than last year.  You can review last year’s presentation and speakers.  http://www.threeriversinfosec.com/2016speakers/

Please contact the TRISS Planning Committee (sponsor@threeriversinfosec.com)  to become a sponsor for 2017 or for more information on sponsoring.

Background:  The Three Rivers Information Security Symposium is a one-day conference, aimed at increasing awareness, interaction and knowledge in the Greater Pittsburgh information security community. Local security groups and partners hosting the symposium include InfraGard Pittsburgh, ISSA Pittsburgh and Pittsburgh OWASP.  There will be Presentations, Roundtable and Hands-On workshops on a variety of information security topics throughout the day.  The intent is to appeal to a wide range of attendees including network and application security, software developers, software quality engineers, computer science professionals and students.

 

Last year was an unqualified success and shows the Pittsburgh region is hungry for information security collaboration and community. This year we are targeting to increase our attendance to over 300 attendees. Attendees are from a wide variety of companies and organizations within the greater Pittsburgh area from consultants, to small businesses and multinational corporations covering finance, government, healthcare, manufacturing and information technology.

Gold – Event Sponsor*

A Gold Sponsorship will cost $5,000

  • Sponsor of the event.
  • Verbal recognition during program.
  • Recognition on all announcements including supporting organizations
  • 2’ x 4’ table
  • Admit 4 employees to event including lunch
  • 5 guest (customer) passes to event including lunch
  • Giveaway/raffle opportunity at the end of the event
  • Large logo on folder
  • List of all attendee company names and titles
  • Social Media mention
  • Logo posted on website

Silver – Session Sponsor*

A Silver Sponsorship will cost $2,500 per breakout session; limited to one sponsor per breakout session.

  • Sponsor each session in the breakout room.
  • 2’ x 4’ Table
  • Admit 2 employees to event including lunch
  • 2 guest (customer) passes to event including lunch
  • Giveaway/raffle opportunity at lunch or the end of the event
  • Small logo on folder
  • List of all attendee company names and titles
  • Social Media mention
  • Logo posted on website

Bronze – Standard Sponsorship*

A Bronze Sponsorship will cost $1,500 with a maximum of 15 tables.

  • 2’ x 4’ Table
  • Admit 2 employees to event including lunch
  • 2 guest (customer) passes to event including lunch
  • Giveaway/raffle opportunity at lunch or the end of the event
  • Small logo on folder
  • List of all attendee company names and titles
  • Social Media mention
  • Logo posted on website

Rules or event restrictions

* No more than 2 company logos can be displayed per sponsorship table

2017 TRISS Call for Speakers

The Three Rivers Information Security Symposium is pleased to announce a Call for Conference Papers and Call for Interactive Sessions for the 2017 Three Rivers Information Security Symposium on October 20, 2017, in conjunction with Cyber Security Awareness Month. This is the second of what is planned to be an annual Symposium. This year’s event will be hosted at DoubleTree – Monroeville Convention Center.

The Three Rivers Information Security Symposium is a one-day conference, aimed at increasing awareness, interaction and knowledge in the Greater Pittsburgh information security community. There will be presentations, round-table and hands-on workshops on a variety of information security topics throughout the day.  The intent is to appeal to all levels of security professionals including those working in network and application security, software development, software quality engineers, computer science professionals and students.  All presentations and interactive sessions are NOT to be a sales or product demonstration.  There are many excellent products and services offered by vendors in the security arena, but we are vendor neutral.

Local security groups hosting the symposium include InfraGard Pittsburgh, ISSA and OWASP. We are planning for over 300 attendees this year.

Call for Conference Speakers

Three Rivers Information Security Symposium presentations should focus on various areas of information security relevant to our local community.  We encourage speakers at all levels of experience to present papers to achieve the conference goals. Topics from last year’s symposium include:

 

The range of topics to present can cover secure coding techniques, insider threat, cloud, cryptography, cyber warfare, emerging threats, ethical hacking, forensics, ediscovery, incident response, intrusion detection, malware and reverse engineering, mobile, policy and governance, physical security, privacy and anonymity, security and risk, security education and awareness, secure programming, and security tools and techniques. Presentations should focus on various areas of information security, including the technical and social aspects. You are encouraged to combine and integrate these topics or come up with your own topic.  English language only presentations.

Please submit your Conference Paper topic by August 22, 2017, and include the following details:

  • Talk Title (under 10 words)
  • 200ish words abstract with links to any pertinent backup information
  • Your Bio (under one paragraph, or submit your CV)
  • Contact information: Your name, website, phone number, email, twitter, LinkedIn
  • Where/when presented previously, if applicable

Send submissions to info@threeriversinfosec.com
Subject Line: TRISS 2017 presentation submission

 

Call for Conference Interactive Sessions

We listened! Based on your feedback, we are adding interactive learning to the symposium. This can be in the form of demonstrations, hands-on workshops and classic training.

The range of topics can cover secure coding techniques, insider threat, cloud, cryptography, cyber warfare, emerging threats, ethical hacking, forensics, ediscovery, incident response, intrusion detection, malware and reverse engineering, mobile, policy and governance, physical security, privacy and anonymity, security and risk, security education and awareness, secure programming, and security tools and techniques.

Training sessions should focus on various areas of information security, including the technical and social aspects. You are encouraged to combine and integrate these topics or come up with your own topic.  English language only please.

These Interactive learning sessions will be in a separate space.

Please submit your training topic by August 22, 2017, and include the following details:

  • Training Title (under 10 words)
  • 200ish words abstract with links to any pertinent backup information
  • Your Bio (under one paragraph, or submit your CV)
  • Contact information: Your name, website, phone number, email, twitter, LinkedIn
  • Where/when training previously provided, if applicable
  • Previous training experience; have you done this before? when and where?
  • Equipment needed
  • Length of desired session

Send submissions to info@threeriversinfosec.com
Subject Line: TRISS 2017 interactive submission

2016 Symposium Speakers

The inaugural Three Rivers Information Security Symposium will be held on Friday, October 28, 2016.  In conjunction with Cyber Security Awareness Month, TRISS will be held at Robert Morris University from 8:00 am to 3:30 pm.

Morning Keynote

Getting a Security Program from 0-60 by Omar Khawaja, VP & CISO at Highmark Inc.

The evolution of the security program at Highmark Health is unquestionably a long-term undertaking, but in the course of the past couple years, the security organization has managed to address compliance, awareness, metrics, organizational culture and much more. But Highmark CISO Omar Khawaja recognizes that the betterment of a security posture — and the work of a security leader — is never done. Join this session to learn about the risks and advantages of taking an agile approach to security, and the challenges and opportunities for Highmark that wait just down the road.

Morning Speaker 1

Penetration test preparation that focuses your team to think like a hacker by David Kane, Managing Director and co-CEO at Ethical Intruder

Ethical Intruder has been performing Ethical Hacking evaluations for seven years and typically we find that the same issues come up at almost every organization regardless of size or the maturity of their security program.

The first impression you provide to a company performing a penetration test is very similar to the impression that a hacker would have when they are investigating if you are a good target for them to mount a deeper more sustained attack. So if a company can change that first impression, they may divert the attention of the pen tester or hacker and decrease their overall threatscape.

The core issues we see at local charitable non-profits up to Fortune 50 health care providers can be addressed fairly easily by following some basic guidelines and without having to buy new tools or spending extended amounts of time or money to achieve this more secure impression.

The talk will cover several steps by which an organization can quickly change that first impression and make the hacker maybe look the other way. Stop focusing on the next tool or log when instead you can focus your teams’ perspective and behaviors to think like a hacker when they are protecting your core assets. The talk will cover a range of targets from external networks, web applications, internal networks, and physical corporate office spaces.

Morning Speaker 2

Mobile Security Threats: How Safe Is Our Data? by John Weingartner, Sarah Pfabe & Brendan Adams at RMU Top Secret Colonials

Mobile phones have become ubiquitous within our society, and many would now consider them a necessity rather than a convenience. We are living in a world where people are staying connected via mobile technology more than ever before. Technology which was once only found on desktop computers can now be carried in the palm of our hands. The number of mobile devices, at the end of 2015, exceeded 7.9 billion users. This noticeable constant connection to our mobile devices is bringing to the forefront an area of concern in regard to security. The majority of vulnerabilities are caused by user error and a lack of understanding and training of the implications associated with using a mobile device. In order to protect our mobile devices, it is imperative that end users can answer the following questions, among others. What security mechanisms do we have in place to deal with mobile security threats? What are the biggest risks associated with mobile devices? How secure are the mobile apps? In order to be able to address the risk factors associated with mobile malware, it is imperative to first understand the threats [3]. Mobile devices are becoming a new target to gain user information, as mobile device security has not kept up with traditional computer security. Cyber criminals are beginning to attack mobile devices due to the lack of security measures in place. Such information includes email accounts, phone numbers, calendar information, network or login credentials, confidential notes or files, and contact lists, to name a few. Mobile devices can be used in both secure and unsecure environments.

Afternoon Keynote

Fifth Generation CyberDefenses: Can We Win an Unfair Fight? by Ray Watson, VP of Global Technology at Masergy

Cyber security has evolved through four major generations, and the recent DNC and NSA hacks are indicative that a fifth generation is now emerging. This presentation will discuss some of the challenges, advantages and pitfalls of fifth generation cyber security, including:  

  • What is the history and evolution of the five generations of cyber defense and security?
  • How can global enterprises possibly hope to defend themselves from Advanced Persistent Threats?
  • What are some best practices for enterprises around security?
  • How can CIOs and CISOs prepare their corporations to face the onslaught of new threats?
  • What are four things that you can do right now to mitigate the damages potentially done to your organization?

Afternoon Speaker 1

How Litigation and E-Discovery Interrupt the Life Cycle of Data by Mike Joyce & Kevin Wiggins, attorneys at Saul Ewing, LLP

This presentation is designed to be a primer for IT Security Professionals.  The speakers will first discuss one accepted model of the life cycle of data: create, grant access, process, analyze, preserve, re-use, and destroy.  The speakers will then discuss how litigation and e-discovery impact the different stages of that life cycle, including the duty to preserve, when the duty to preserve arises, security concerns over the preservation and production of data during discovery, and basic tips to ensure compliance with litigation-related mandates.  They will also discuss the application of the CIA triad to litigation and e-discovery. 

Afternoon Speaker 2

Threat Modeling and Risk Analysis for Developers and Testers by Matt Trevors at CERT@SEI/CMU

Let’s face it, security is hard! Part of the reason why it’s hard is because sometimes we don’t address security concerns early enough in the development process, if at all. Identifying and prioritizing security gaps in a design can be mitigated through the use of threat modeling and risk analysis. In this talk I will show you how to use the OWASP Top 10, STRIDE threat modeling and OCTAVE Allegro risk analysis to generate meaningful design changes that will have a major impact on the security of your application or system.

Afternoon Speaker 3

Get Involved – InfoSec Careers by Rick Farina at Pwnie Express

I am a very active member of the hacker community and through that I have built not only a strong career but a very impressive list of friends which I can rely on for personal and professional help.  I feel very strongly that being actively involved in security outside of normal work hours is critical to launching a successful career in infosec.  This is especially important for students who are trying to differentiate themselves from all the others in their graduating class to get not just high paying jobs but meaningful careers in their chosen field.

Symposium

The first Three Rivers Information Security Symposium will be held on Friday, October 28, 2016.  In conjunction with Cyber Security Awareness Month, TRISS will be held at Robert Morris University from 8:30 am to 3:30 pm.

There will be two keynote speakers and sessions on a variety of information security topics throughout the day.  The list of speakers and topics will be announced following a Call for Presentations.  Breakfast and lunch will be provided with attendees limited to 160.

 

We received twenty-one submissions. Thank you to everyone for submitting; unfortunately, there is not enough time to select them all.  From those, two keynotes and five presentations were selected.  One presentation slot was added by adding thirty minutes to the symposium.  The tentative schedule:

Presentation | Presenter | Presentation Title
Key Note | Omar Khawaja | ZERO TO 60 – Transforming Security Program
Presentation 1 | David Kane | Penetration test preparation that focuses your team to think like a hacker
Presentation 2 | Mike Joyce, Kevin Wiggins | How Litigation and E-Discovery Interrupt the Life Cycle of Data
Key Note 2 | Ray Watson | Fifth Generation CyberDefenses: Can We Win an Unfair Fight?
Presentation 3 | John Weingartner, Sarah Pfabe, Brendan Adams | Mobile Security Threats: How Safe Is Our Data?
Presentation 4 | Matt Trevors | Threat Modeling and Risk Analysis for Developers and Testers
Presentation 5 | Rick Farina | Get Involved – InfoSec Careers